How to get PCI DSS compliance right
- 21 May, 2009 16:06
The road to becoming Payment Card Industry Data Security Standard (PCI DSS) compliant can be a long one, so here we give you the Security Standards Council's Prioritised Approach of six milestones to help your organisation start its journey.
1. Remove sensitive authentication data and limit data retention
This milestone targets a key area of risk for entities that have been compromised. Remember – if sensitive authentication data and other cardholder data are not stored, the effects of a compromise will be greatly reduced. If you don’t need it, don’t store it.
2. Protect the perimeter, internal, and wireless networks
This milestone targets controls for the points of access used in most compromises: the network and wireless access points.
3. Secure payment card applications
This milestone targets controls for applications, application processes, and application servers. Weaknesses in these areas offer easy prey for compromising systems and obtaining access to cardholder data.
4. Monitor and control access to your systems
Controls for this milestone allow you to detect who is accessing your network and cardholder data environment, and what they access, when, and how.
5. Protect stored cardholder data
For those organisations that have analysed their business processes and determined that they must store Primary Account Numbers, Milestone Five targets key protection mechanisms for that stored data.
6. Finalise remaining compliance efforts, and ensure all controls are in place
The intent of Milestone Six is to complete PCI DSS requirements and finalise all remaining related policies, procedures, and processes needed to protect the cardholder data environment.
For more information see the Security Standards Council's paper.
Comments
Armorguy
Seriously??!!
This is intended to be a meaningful explication of PCI compliance? In less than 300 words?
Please, please, please - don't take what is a crucially important compliance issue and dumb it down like this again. You make yourselves look less than fully aware of the issues...
Your readers deserve better than this - and I suspect you know it. CIO has always stood for quality writing and editing - this doesn't do your reputation justice.